300-730 Online Practice Questions and Answers

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

A. group-alias

B. certificate map

C. optimal gateway selection

D. group-url

E. AnyConnect client version

Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group.

When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?

A. The XML profile is not configured correctly for the affected users.

B. The new client image does not use the same major release as the current one.

C. Client services are not enabled.

D. Client software updates are not supported with IKEv2.

Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.

B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

C. A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

D. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.

E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Which remote access VPN technology requires the use of the IPsec-proposal configuration option?

A. clientless SSLVPN

B. SSLVPN Full Tunnel

C. IKEv2-based VPN

D. IKEv1-based VPN

What are two differences between ECC and RSA? (Choose two.)

A. Key generation in ECC is slower and more CPU intensive than RSA.

B. ECC can have the same security as RSA but with a shorter key size.

C. ECC cannot have the same security as RSA, even with an increased key size.

D. Key generation in ECC is faster and less CPU intensive than RSA.

E. ECC lags in performance when compared with RSA.

Refer to the exhibit.

Which type of VPN is being configured, based on the partial configuration snippet?

A. GET VPN with COOP key server

B. GET VPN with dual group member

C. FlexVPN load balancer

D. FlexVPN backup gateway

While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?

A. Verify that the ISAKMP proposals match.

B. Ensure that UDP 500 is not being blocked between the devices.

C. Correct the peer's IP address on the crypto map.

D. Confirm that the pre-shared keys match on both devices.

What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)

A. to download encryption keys

B. to maintain encryption policies

C. to distribute routing information

D. to encrypt data traffic

E. to authenticate group members

A network administrator wants the Cisco ASA to automatically start downloading the Cisco AnyConnect client without prompting the user to select between WebVPN or AnyConnect. Which command accomplishes this task?

A. anyconnect ssl df-bit-ignore enable

B. anyconnect ask none default anyconnect

C. anyconnect ask enable default anyconnect

D. anyconnect modules value default

An engineer is implementing a failover solution for a FlexVPN client site where ESP traffic to the primary FlexVPN server is blocked intermittently after tunnel establishment. This issue causes users at the branch site to lose access to the corporate network. The solution must quickly establish a tunnel and send traffic to the secondary FlexVPN server only during a failover event. Which action must the engineer take to implement this solution?

A. Create one tunnel with peer statements to each server and use Dead Peer Detection to track the status or the primary server.

B. Create two tunnels for each FlexVPN server and use the tunnel keepalive command to track the status of each FlexVPN server.

C. Create one tunnel with peer statements to each server and use object tracking to track the status of the primary server.

D. Create two tunnels for each FlexVPN server and use a dynamic routing protocol to track the status or each FlexVPN server.